Assigning Permissions

Sharing a folder shares all sub-folders and their contents

Permission levels on UBbox follow a "waterfall" design in which individuals only have access to the folder they are invited into and any subfolders beneath it. People can be invited into folders but not individual files. See Sharing Folders with Collaborators in UBbox.

ITORG Exception Accounts

The centrally-provisioned group boxaccess provides UBbox authorization for UBITNames when logging in via ADFS. All active faculty, staff and students have membership in this group.

We can also provide access to ITORG accounts via departmental groups added to the central ubfs_BoxExceptions group. Departmental sub-groups can be created by node admins and added to ubfs_BoxExceptions via a the EIS request form. Any ITORG accounts that are members of these departmental groups are authorized to use UBBox.”Any ITORG accounts that are members of these departmental groups are authorized to use UBbox. For consistency in naming these nested ITORG groups, we suggest a nomenclature of [OU Branding Prefix]_BoxExceptions. As an example, EIS would create and use the group ‘eiss_BoxExceptions’.

Additionally, to use an ITORG account for box, it must have a unique email address value. This can be either via the creation of an Exchange mailbox (if collaboration and status messages are desired) or via a well-formed, non-routable email address of ‘samAccountName@itorg.ad.buffalo.edu’

Adding an ITORG Group as a Member of ubfs_BoxExceptions

If you would like EIS to add an ITORG group as a member of ‘ubfs_BoxExceptions’ or need an ITORG account stamped with a unique email address, submit a request through the UBIT Help Center Online. Once an ITORG group is a member of ubfs_BoxExceptions, ITORG accounts with appropriate email addresses can be added and removed by the department as needed. To limit the number of UBbox licenses used, please only include those ITORG accounts that require access.

Deleting an ITORG Account

Deleting an ITORG Account deletes all data

When an ITORG account is deleted, all its associated data is also deleted.

If an ITORG account is deleted, then CIT needs to be notified so that the account can also be deleted in UBbox so that the license can be released.

UBAD and UBbox Groups

How Groups Are Added to Ubbox

UBAD groups are automatically added to UBbox if the string boxaccess is in the Active Directory Users and Computers 'Notes' field of the group. This field corresponds to the group's Info attribute. Any existing data in the Notes field can remain and will not interfere with the boxaccess string.

Collaboration invitations will only go to members of a group that have logged in prior to the invitation going out. If a member subsequently logs in, they will have access but will not receive the collaboration invitation.

Removing Groups from UBbox

To remove a group from UBbox, remove the boxaccess string.

Automatic Updates

Group additions to and removals from UBbox will happen every 15 minutes. A logon of a user that is a member of a boxaccess marked group will also force creation of the group if it does not already exist in UBBox.

Common Questions

Do I need an Exchange mailbox?

You do not have to have an Exchange mailbox, unless collaboration and status messages from UBbox are desired. In that case, the messages should be monitored.